Cyber Threats Targeting Mergers and Acquisitions
10sG0c
10sG0c
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
6. St<strong>and</strong>ards<br />
<strong>and</strong> Compliance<br />
• List any m<strong>and</strong>atory or optional compliance st<strong>and</strong>ards,<br />
codes of practice or accreditations<br />
• Evidence of compliance with all above items in this section<br />
• Copies of governmental licenses or permits to operate in<br />
business sector, if applicable (e.g. Financial Services Authority)<br />
7. Risk,<br />
Insurance <strong>and</strong><br />
Continuity<br />
• List <strong>and</strong> provide copies of all company insurance policies<br />
covering property, liabilities <strong>and</strong> operations<br />
• List of any special conditions imposed by insurers<br />
• List of indemnification policies, business interruption,<br />
cyber insurance or product liability policies<br />
• List of any insurance claims for past 3 years<br />
• Copy of the business continuity plan <strong>and</strong> schedule of tests<br />
undertaken<br />
• Copy of data backup <strong>and</strong> verification policies, procedures <strong>and</strong><br />
storage providers <strong>and</strong>/or locations<br />
8. Staff <strong>and</strong><br />
Resources<br />
• List of key employees, contractors <strong>and</strong> vendors who work<br />
on development, testing, operations or security <strong>and</strong> an<br />
organization chart showing line management <strong>and</strong> functional<br />
relationships<br />
• Number of employees <strong>and</strong> other staff (temporary,<br />
voluntary, support, etc.) by department <strong>and</strong> by functional<br />
area associated with developing, operating <strong>and</strong> securing the<br />
network, services, or applications including an indication of<br />
the percentage of their work that this involves<br />
• Contracts including information on confidentiality or<br />
non-competition agreements to which employees are<br />
subject<br />
• List of specific agreements with employees, independent<br />
contractors – provide copies if applicable<br />
• Copies of consulting <strong>and</strong> confidentiality agreements <strong>and</strong> for any<br />
current or former consultants<br />
• List any “Arm’s length” back office support (HR, accounting, IT,<br />
etc.) services, or shared IT infrastructure capabilities<br />
• List of user groups, roles, geographical locations <strong>and</strong><br />
permissions<br />
• List of anyone with remote access<br />
9. Third Party<br />
• List of other companies, partnerships, individuals or other<br />
entities who are stakeholders or contributors or suppliers<br />
• List of agreements with other companies for provision of or<br />
consumption of products <strong>and</strong> services – provide copies of the<br />
agreements if applicable<br />
• List of confidentiality <strong>and</strong> non-disclosure agreements to<br />
which the company is bound or imposes on others – provide<br />
copies if applicable<br />
• List of data <strong>and</strong> formats provided to third parties including<br />
details of those third parties <strong>and</strong> the agreements<br />
• List of data sharing, marketing agreements, co-packaging,<br />
franchises <strong>and</strong> referral agreements<br />
• Lists of any resellers <strong>and</strong> distributors – if applicable provide<br />
copies of the written agreements<br />
• List of agreements or arrangements with company employees<br />
<strong>and</strong> shareholders or with any organization they have a<br />
relationship with – provide copies if applicable<br />
10. Customers<br />
• List all customer communication methods<br />
• List of all social media accounts, business need, use<br />
policies <strong>and</strong> authorized users/publishers<br />
• List of any claims, complaints, litigation arising out of<br />
social media use (including cyber harassment); online br<strong>and</strong><br />
<strong>and</strong> reputation assessment<br />
• List <strong>and</strong> explanation for any major customers lost over the last<br />
2 years<br />
• List of areas where customer supplied content is republished<br />
or recorded<br />
13